The TMG firewall introduced a new feature called “Enhanced NAT”. The primary goal of Enhanced NAT is to allow the TMG firewall administrator to control the source IP address of outbound packets. With the ISA firewall, the source IP address for outbound packets was always the primary IP address on the external interface to the ISA firewall. The primary IP address is the IP address on the top of the list of IP addresses in the TCP/IP Properties of the NIC.
What you might not know is that this has completely changed with the TMG firewall!
No longer is the primary IP address used as the default IP address used for outbound connections.
In addition, the Enhance NAT feature allows you to control which IP address bound to the external interface will be used as the source IP address for an outbound connection, depending on the source network of the originating request.
For all the cool details, check out this great article by Philipp Sand and reviewed by Eric Detoc –
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)